Active Directory Exploitation

Initial access
SMB Enumeration
smbmap -H 10.10.10.100
smbmap -H 10.10.10.100 -R # recursive
smbmap -H 10.10.10.192 -u null
smbmap -H 10.10.10.100 -d domain.local -u USERNAME -p PASSWORD
smbclient \\\\10.10.10.169\\NETLOGON -U 'melanie'%'Welcome123!'
If you have access to GPO Policies, search for cpasswords in "domain.local/Policies/{xx-xx-xx}/MACHINE/Preferences/Groups/Groups.xml" and decrypt with gpp-decrypt edBSHOwhZLTjt/QS9FeIcJ83mjWA98gw9guKOhJOdcqh+ZGMeXOsQbCpZ3xUjTLfCuNH8pG5aSVYdYw/NglVmQ
ASREPRoast
Finding users that don't require preauth. We can...

Exposing services with reverse SSH tunnels

Exposing services with reverse SSH tunnels Reverse SSH port forwarding specifies that the given port on the remote server host is to be forwarded to the given host and port on the local side. -L is a local tunnel (YOU <-- CLIENT). If a site was blocked, you can forward the traffic to a server...

Windows-Exploitation

WIP... Here we go... A collection of commands for AD enumeration and exploitation for OSCP preparation.
User Enumeration
Enumerate users for domain CONTROLLER.local on DC CONTROLLER.local
kerbrute userenum --dc CONTROLLER.local -d CONTROLLER.local /usr/share/wordlists/User.txt
Ticket harvesting and Password Bruteforcing
Capture TGTs sent to the KDC every 30 seconds
Rubeus.exe harvest /interval:30
User : CONTROLLER-1$@CONTROLLER.LOCAL StartTime :...

Reverse engineer Android native apps with Frida and ADB

If you have an Android native app with dynamically rendered content, reverse engineering can be tough. That's why we can use Frida and ADB. So what is Frida, exactly? User Guide: It’s Greasemonkey for native apps, or, put in more technical terms, it’s a dynamic code instrumentation toolkit. It lets you inject snippets of JavaScript...

PicoCTF It is my Birthday

It is my Birthday (100 points) SOLVED xNULL I sent out 2 invitations to all of my friends for my birthday! I'll know if they get stolen because the two invites look similar, and they even have the same md5 hash, but they are slightly different! You wouldn't believe how long it took me to...

CompTIA Sec+ SY0-601

Exam Objectives Notes Lesson 1 CIA or AIC: Confidentiality, Integrity, Availability. Information security tasks can be classified as following: The five functions. Identify: Develop security policies and capabilities. Evaluate risks, threats, vulnerabilities and recommend security controls to mitigate them. Protect: Procure/develop, install, operate and decommission IT hardware and software assets with security as an embedded requirement...

Darling: Redundancy

To add more redundancy to my project and finally get experience with Docker and Kubernetes, I decided to deploy Darling in a Kubernetes cluster. It was quite a challenging task but totally worth the time. I learned to build my own Docker image from scratch and upload it to a private repository. Then I...